惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Hacker News: Ask HN
Hacker News: Ask HN
N
News and Events Feed by Topic
Forbes - Security
Forbes - Security
The Last Watchdog
The Last Watchdog
TaoSecurity Blog
TaoSecurity Blog
Schneier on Security
Schneier on Security
SecWiki News
SecWiki News
V
Vulnerabilities – Threatpost
Project Zero
Project Zero
O
OpenAI News
W
WeLiveSecurity
Security Archives - TechRepublic
Security Archives - TechRepublic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
H
Hacker News: Front Page
Cisco Talos Blog
Cisco Talos Blog
Spread Privacy
Spread Privacy
Help Net Security
Help Net Security
P
Privacy & Cybersecurity Law Blog
K
Kaspersky official blog
S
Security @ Cisco Blogs
Latest news
Latest news
AWS News Blog
AWS News Blog
U
Unit 42
Martin Fowler
Martin Fowler
阮一峰的网络日志
阮一峰的网络日志
S
Secure Thoughts
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Know Your Adversary
Know Your Adversary
Scott Helme
Scott Helme
博客园 - 司徒正美
B
Blog RSS Feed
C
Check Point Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
D
Docker
Google Online Security Blog
Google Online Security Blog
Jina AI
Jina AI
aimingoo的专栏
aimingoo的专栏
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Last Week in AI
Last Week in AI
月光博客
月光博客
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
SegmentFault 最新的问题
NISL@THU
NISL@THU
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
Attack and Defense Labs
Attack and Defense Labs
小众软件
小众软件

博客园 - Jans

Flutter运行时闪退 利用 Python 爬虫来对文本进行批量化翻译 Thinkpad T460声音问题 Error 56: The Cisco Systems, Inc. VPN Service has not been started(Cisco VPN在Vista/Win 7下出现Error 56的解决办法) - Jans weblogic 10.3.5重置密码 在基于WCF开发的Web Service导出WSDL定义问题及自定义wsdl:port 名称 JNI:在线程或信号处理函数中访问自定义类 (转)Java实现Web Service过程中处理SOAP Header的问题 Geek to Live: Set up your personal Wikipedia (转)GitHub上整理的一些工具,求补充 - (转)老衣的开发工具和类库集之2014版 GCC的内存边界对齐 如何删除Weblogic域 电蚊拍选购参考 Localizing WPF with .resx files C#操作串口总结 ASP.NET MVC的国际化问题 小众的分布式版本管理工具Code Co-op 关于效率长尾现象
Weblogic中配置Active Directory Authentication Provider
Jans · 2015-08-26 · via 博客园 - Jans

其要点或者容易出错的关键点是:(<>及其中说明代表需要替换的内容)

        Host: ads.yourdomain.com         Host填AD服务器的域名或IP

         Port: 389                                       Port默认389端口,可以用telnet <ad server ip>  389  来测试你的域控端口是否可以访问

         Principal: cn=Administrator,cn=Users,dc=yourdomain,dc=com         cn填管理员用户名,dc dc 把域名拆开写就可以了

         Credential: ******* 你的管理员密码

  Confirm Credential: ******* 再一遍

     Users

      User Base DN:               cn=Users,dc=yourdomain,dc=com        

      User From Name Filter: (&(samAccountName=%u)(objectclass=user))

      User Name Attribute:      samAccountName

     Groups

     Group Base DN:              cn=Users,dc=yourdomain,dc=com        

     Group From Name Filter:  (&(cn=%g)(objectclass=group))

具体参考下文  http://www.weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/

Configuring Active Directory Authenticator with Weblogic Server

Weblogic Server comes with an Embedded LDAP Server which acts as the Default Provider for authentication, authorization and rolemapping.Since authentication is based on JAAS ( Java Authentication and Authorization Service), we can have external providers as well.These providers can be Out Of the Box Providers provided by WLS or Custom Providers which can be plugged in. I’ll discuss that in some other article.

These are some of the providers


WLS does provide an out of the box provider for Active Directory.
These are the steps to configure it.
Step 1). Open Active Directory Console

Step 2). Create a User

Step 3). Assign it to Administrator Group. This is required as Active Directory gives connection only to Admin User.

Step 4). Go to Weblogic Server and Create an Active Directory Authentication Provider

Step 5) Under Provider Specific, provide the following values, leave the others as default.

Propagate Cause For Login Exception ( checked)
Principal :CN=aduser,CN=Users,DC=faisal,DC=bea,DC=com
User Base Dn : CN=Users,DC=faisal,DC=bea,DC=com
Credential : XXXXXX
Group Base Dn: CN=Users,DC=faisal,DC=bea,DC=com

You should see the following in the config.xml

<sec:authentication-provider xsi:type=”wls:active-directory-authenticatorType”>
<sec:name>ActiveDirectory</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
<wls:principal>CN=aduser,CN=Users,DC=faisal,DC=bea,DC=com</wls:principal>
<wls:user-base-dn>CN=Users,DC=faisal,DC=bea,DC=com</wls:user-base-dn>
<wls:credential-encrypted>{3DES}YoOwqSH1jxsOlvUmAYOENw==</wls:credential-encrypted>
<wls:group-base-dn>CN=Users,DC=faisal,DC=bea,DC=com</wls:group-base-dn>
</sec:authentication-provider>

Step 6) Change the control flag of the Active Directory Authenticator and the Default Authenticator to SUFFICIENT

Step 7) Restart your server. Go to myrealm. You should be able to see the users and groups from the Active Directory.